1. Field of the Disclosed Embodiments
This disclosure relates to systems and methods for using hand-held wireless devices to discretely scan for wireless access points and to collect various details regarding the scanned wireless access points and the networks that are accessible via those scanned wireless access points. The collected various details may include basic security implementations, signal strengths and other like details regarding the scanned wireless access points and networks.
2. Related Art
All manner of wireless devices are used to access various networks and network-connected systems via random wireless access points. There has emerged a need for entities to accurately assess certain characteristics regarding specific wireless access points and the networks that are accessible via those wireless access points.
These assessment capabilities can be used to a number of beneficial purposes. Among the benefits of assessing characteristics of a particular wireless access point is to assist commercial enterprises operating local networks, government agencies and law enforcement entities in performing overall vulnerability assessments on networks, and the systems connected thereto, that may be accessed through one or more wireless access points. Vulnerability assessments can be used to determine weaknesses in particular target local networks, or devices connected to the target local networks, in order to evaluate susceptibility of the a particular target network, or individual device in communication with the particular target network, to cyber-attack.
Conventionally, vulnerability assessments have been carried out on specific networks, or otherwise in specific network environments, using desktop computer systems or laptop computers. For example, existing programs for personal computers are available to perform extensive vulnerability scans on networks of computers. One example of such a system was developed by Tenable Network System and is marketed under the trade name Nessus® as a proprietary comprehensive vulnerability scanning program. These vulnerability assessment systems include capabilities to detect, for example, potential vulnerabilities on tested network systems that may allow an intruder into the network to gain access to, and potentially exercise control of, sensitive data in a particular targeted network system. These vulnerability assessment systems may also detect other areas of exposure including, for example, weaknesses in password protocol, to include existence of common, default or missing passwords.
Significant drawbacks exist in these conventional vulnerability assessment systems. Such conventional vulnerability assessment systems are generally very extensive requiring excessive time, and manipulation by a trained operator, in order to provide an accurate assessment. These conventional vulnerability assessment systems also generally require significant computing power. It is for this reason that the conventional vulnerability assessment systems are generally hosted on a large and conspicuous specifically-configured desktop and/or laptop computer. These computer systems are rendered more conspicuous when they are introduced into the network/workplace environment by a trained operator whose manipulation of the system is generally required to provide effective assessment and analysis of the results.
Adding to the above physical drawback in employing such conventional systems and methods is that the use of these clearly visible conventional devices, most often introduced into the network environment by the equally conspicuous outside assessor, can cause disruption in the network/workplace environment in which the evaluation device is employed. In such instances, users and administrators alike have been known to modify systems and/or individual behaviors when it is clear from the use of conspicuous methods and systems that some sort of assessment is underway.
This modification in behavior by individuals operating monitored systems and networks can have adverse effects on the results of any evaluation, which can be at least in part attributed to the conspicuously-undertaken nature of the assessment. The results of any evaluation can be, for example, improperly skewed, thereby lessening the effectiveness of the assessment.
Additionally, use of additional conspicuous evaluation devices in certain secure environments can cause an individual assessor to be harassed, or otherwise bothered, by individual system operators and/or regular security personnel, the latter including being independently detained while access and equipment protocols receive heightened scrutiny.
Another conventional manner by which vulnerability assessments are undertaken is through installation of specific hardware appliances installed on-site to perform routine vulnerability scans on the connected network and any devices connected to the network. Drawbacks to this conventional solution include that such hardware installations tend to be less agile and are rarely accessible by entities outside the specific organization, such as a company, that operates or maintains the local network.